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REMARKS 

Claims 1, 8, 15, and 22-23 have been amended. No new matter has been added. 
Claims 1 - 23 are under examination. 

REJECTIONS BASED ON THE PRIOR ART 

35 U.S.C 103(a) 

Claims 1.6-8. 13-15, and 20-23 
Claims 1, 6-8, 13-15, and 20-23 are rejected under 35 U.S.C 103(a) as being 
unpatentable over Skene et al, hereinafter "Skene" (U.S. Patent Application Publication 
2001/0052016 in view of Ye, (U.S. Patent No. 6,772,348). The rejection is respectfully 
traversed for the following reasons. 

Support for the amendment to Claim 1 may be found in the specification at least in 
paragraphs 59 - 64. The combination of Skene and Ye fails to teach or suggest, "searching 
the secure BPSEC cache for an entry that matches the domain name, wherein the searching 
comprises verifying the that domain name in the entry matches the domain name contained in 
the message," as claimed. The rejection asserts that Ye's searching of the cache for an EP 
address teaches searching for the domain name. Applicants disagree in that while an IP 
address may be derived from a domain name, the two are not the same. 

Moreover, the combination of Skene and Ye do not teach or suggest verifying the that 
domain name in the entry matches the domain name contained in the message, as claimed. 
Even if Skene were to be modified by Ye, as suggested in the rejection, there is no 
verification of the domain name for the following reasons. 
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Assume for the sake of argument that Skene's client 1 12 is modified by incorporating 
Ye's cache, as suggested by the rejection. If Skene's client 112 sends, to the DNS server 108, 
a request to resolve the domain name and return an IP address, it is possible that the IP 
address that is returned to the client 1 12 is not the IP address corresponding to the domain 
name. For example, a malicious host may intercept the client's request and send the wrong IP 
address to the client 1 12. Thus, the IP address in the client's cache would not correspond to 
the domain name in the message sent by the client to the DNS server. In accordance with 
Ye's teaching, the cache is searched by IP address. However, Ye does not verify that the IP 
address in the cache entry corresponds to the domain name sent by the client. Therefore, the 
rejection's proposed combination of Skene and Ye fails to teach these limitations of Claim 1. 

Furthermore, the rejection's proposed combination of Skene and Ye fails to teach or 
suggest, "querying the security policy data store for an IPSEC policy matching the domain 
name, wherein the IP processing layers verifies that the policy matches the domain name 
contained in the message," as claimed. Ye teaches that the cache is being used in a process of 
applying IPsec polices, wherein the IPsec policy is specified by an IP address. The rejection, 
in its proposed combination of Skene and Ye, appears to equate the IP address in Ye's cache 
with the domain name sent by Skene's client to DNS server. However, in the invention 
recited in Claim 1, the IP processing layers verifies that the policy matches the domain name 
contained in the message. As previously discussed there is no such verification in the 
proposed combination. 
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For the foregoing reasons, Claim 1 is allowable. Independent Claims 8, 15 and 22-23 
recite similar limitations to those in Claim 1. For at least the reasons discussed in the 
response to Claim 1, Claims 8, 15, and 22-23 are believed to be allowable. 

Claims 6-8, 13-15, and 20-21 depend from either Independent Claim 1, Independent 
Claim 8, or Independent Claim 15 incorporating limitations therefrom. As explained above, 
Claims 1, 8, and 15 include limitations that define patentable subject matter. Therefore, these 
dependant claims recite patentable subject matter for at least the same reasons their 
respective independent claims recite patentable subject matter. 

Claims 2-5, 9-12, and 16-19 
Claims 2-5, 9-12, and 16-19 are rejected under 35 U.S.C 103(a) as being unpatentable 
over Skene in view of Ye, in further view of Dixon (US Patent 6,697,857). The rejection is 
respectfully traversed for the following reasons. 

Claim 2 

The rejection concedes that the combination of Skene and Ye does not teach "each 
cache entry comprises a DNS name," as claimed. The rejection asserts that Dixon teaches 
this limitation. However, even if it is assumed for the sake of argument that Dixon stores a 
DNS name in a cache, there is no teaching or suggestion in the art to add a DNS name to 
Ye's cache, as the rejection appears to suggest. The motivation asserted by the rejection is 
that DNS names are text names that correspond to numeric IP addresses. In other words the 
rejection argues that redundant information should be added to the cache taught by Ye. 
Applicants disagree with this logic in that one of ordinary skill in the art would not be 
motivated to add additional, redundant, entries to a cache. To the contrary one of ordinary 
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skill in the art would be motivated to keep the number of cache entries low and to avoid 
adding redundant entries to a cache. 

Applicants remind the Examiner that it is impermissible to use the Applicants' 
invention as a blueprint to piece together various pieces of prior art, using only what the 
Applicants have taught against the Applicants. 

For the foregoing reasons, Claim 2 is allowable. 

Dependent Claims 9 and 16 recite similar limitations to those in Claim 2. For at least 
the reasons discussed in the response to Claim 2, Dependent Claims 9 and 16 are believed to 
be allowable. 

Claims 3-5, 10-12, and 17-19 depend from either Claim 2, Claim 9, or Claim 16 
incorporating limitations therefrom. Therefore, these dependant claims recite patentable 
subject matter. 

CONCLUSION 

The Applicant believes that all issues raised in the Office Action have been addressed 
and that allowance of the pending claims is appropriate. 

The Examiner is respectfully requested to contact the undersigned by telephone if it is 
believed that such contact would further the examination of the present application. 

For the reasons set forth above, it is respectfully submitted that all of the pending 
claims are now in condition for allowance. Therefore, the issuance of a formal Notice of 
Allowance is believed next in order, and that action is most earnestly solicited. 
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To the extent necessary to make this reply timely filed, the Applicant petitions for an 
extension of time under 37 C.F.R. § 1.136. 

If any applicable fee is missing or insufficient, throughout the pendency of this 
application, the Commissioner is hereby authorized to any applicable fees and to credit any 
overpayments to our Deposit Account No. 50-1302. 



Respectfully submitted, 

HICKMAN PALERMO TRUONG & BECKER LLP 



Date: March \H ,2006 




Ronald M. Pomerenke 
Reg. No. 43,009 



2055 Gateway Place, #550 

San Jose, CA95110 

Telephone: (408) 414-1080, ext. 210 

Facsimile: (408)414-1076 




Seq.No. 4788 



14 



